CVE-2015-7872 (retired)

The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.

Ubuntu-Description

Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash).

jdstrand> android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels
jdstrand> linux-lts-saucy no longer receives official support
jdstrand> linux-lts-quantal no longer receives official support
kamal> Per the oss-security discussion and the author's commit notes,
kamal> 911b79cde is not actually a security issue, so removed its break-fix.